[SSL Observatory] www.torproject.org certificate chain fails to validate in Chrome on Windows

Ondrej Mikle ondrej.mikle at nic.cz
Thu Jan 5 10:42:56 PST 2012


On 01/05/12 02:14, Adam Langley wrote:
> On Wed, Jan 4, 2012 at 7:23 PM, Ondrej Mikle<ondrej.mikle at nic.cz>  wrote:
>> Try to connect to https://www.torproject.org in Chrome on Windows. Latest
>> Chrome (16.0.912.63 m) will give you "invalid signature" warning.
>
> Does this happen every time for you? What version of Windows? Have you
> altered your root store at all? Is your system clock wrong? Can you
> include the error from Chrome?

Windows version: WinXP SP2 (very unpatched virtual machine I keep for debugging 
and testing compatibility stuff; sorry, should've mentioned it right away).

Another guy from tor-talk list says he's using Windows Server 2003 (and same 
Chrome version; says Chrome on MacOS is fine):

OS Name	Microsoft(R) Windows(R) Server 2003, Enterprise Edition
Version	5.2.3790 Service Pack 2 Build 3790
OS Manufacturer	Microsoft Corporation
System Manufacturer	MSI
System Model	MS-7350
System Type	X86-based PC
Processor	x86 Family 6 Model 15 Stepping 11 GenuineIntel ~3000 Mhz
Processor	x86 Family 6 Model 15 Stepping 11 GenuineIntel ~3000 Mhz
Hardware Abstraction Layer	Version = "5.2.3790.3959 (srv03_sp2_rtm.070216-1710)"

Apparently it started happening on 2011-12-21 
(http://permalink.gmane.org/gmane.network.tor.general/2555), but the leaf cert 
for torproject hasn't changed in the last two to three months. The chain sent by the server 
in the handshake includes the cross-cert from Entrust for Digicert since today, but that 
didn't make any difference.


Time: my VM is synchronized via VirtualBox (host uses NTP)

Altering truststore: I don't recall altering the trust store. Nevertheless the 
root cert for "DigiCert High Assurance EV Root CA" is trusted by the trust store 
(all trusted purposes except client authentication and secure mail are checked).

Error: see screenshot and some paste of event log below.

On 01/05/12 01:45, Chris Palmer wrote:
> I can't reproduce the problem on Chrome 16.0.912.63 m on Windows 7. I
> connect fine with no errors, and it passes Chrome's preloaded public
> key pinning check. Perhaps the chain you are getting fails the pinning
> check? (Check the SHA-1 hashes of the SPKIs of the certs in your cert
> chain against the hashes found in chrome://net-internals/#hsts . Also,
> the error page should mention something about absolutely not being
> able to proceed because Chrome is certain that the certificate chain
> is wrong.)

I'm not sure what exactly the error means, it's not very descriptive (see 
attached screenshot of Chrome and cert viewer). The certviewer says that the two 
Digicert certs in chain are ok, only the leaf cert for www.torproject.org has 
"nonvalid signature".

The HSTS "query domain" tool outputs for www.torproject.org:

mode: STRICT include_subdomains:true domain:www.torproject.org is_preloaded:true 
pubkey_hashes:sha1/o5OZxATDsgmwgcIfIWIneMJ0jkw=,sha1/gzF+YoVCU9bXeDGQ7JGQVumRueM=,sha1/juNxSTv9UANmpC9kF5GKpmWNx3Y=,sha1/lia43lPolzSPVIq34Dw57uYcLD8=,sha1/rzEyQIKOh77j87n5bjWUNguXF8Y=

SPKI pins I computed from the chain shown by Chrome (all sha1):

KfCQmMZXq8WLLNsf+vWpC5jgCfU= (www.torproject.org)
lfnXQ0sc5x3vQhHua+PA4CVvrZU= (Digicert High Assurance CA-3)
gzF+YoVCU9bXeDGQ7JGQVumRueM= (Digicert root or the cross cert)

Thus the pin should not be a problem: it matches the Digicert root (which is 
trusted by the Windows trust store).

(The one-liner I used, just in case there's an error; note the pack() argument 
must be double-quoted inside the single-quoted perl script:
openssl x509 -inform pem -in digicert-ha-ca-3.pem -pubkey -noout | grep -v -e '^--' \
  | base64 -d | sha1sum | cut -f 1 -d " " \
  | perl -ne 'chomp; s/(.{2})/pack("C", hex($1))/ge; print $_;' | base64
)

I copy&pasted the following error from the "Events" tab (HTTP_STREAM_JOB), maybe 
the error -207 means something specific?

https://www.torproject.org/

Start Time: Thu Jan 05 2012 18:28:21 GMT+0100 (Central Europe Standard Time)

t=1325784501162 [st=  0] +HTTP_STREAM_JOB   [dt=175]
                           --> original_url = "https://www.torproject.org/"
                           --> url = "https://www.torproject.org/"
t=1325784501162 [st=  0]    +PROXY_SERVICE  [dt=  0]
t=1325784501162 [st=  0]        PROXY_SERVICE_RESOLVED_PROXY_LIST
                                 --> pac_string = "DIRECT"
t=1325784501162 [st=  0]    -PROXY_SERVICE
t=1325784501162 [st=  0]    +SOCKET_POOL    [dt=173]
t=1325784501335 [st=173]        SOCKET_POOL_BOUND_TO_CONNECT_JOB
                                 --> source_dependency = {"id":626,"type":4}
t=1325784501335 [st=173]        SOCKET_POOL_BOUND_TO_SOCKET
                                 --> source_dependency = {"id":635,"type":5}
t=1325784501335 [st=173]    -SOCKET_POOL
                              --> net_error = -207 (CERT_INVALID)
t=1325784501337 [st=175] -HTTP_STREAM_JOB


Sorry for giving you additional work, I thought it would be something much 
simpler. I'll try some other Windows machines when I get to them tomorrow.

Ondrej
-------------- next part --------------
A non-text attachment was scrubbed...
Name: chrome-torproject.png
Type: image/png
Size: 236909 bytes
Desc: not available
URL: <http://lists.eff.org/pipermail/observatory/attachments/20120105/b309a23c/attachment.png>
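The pin check discussed in this thread, as an added example (not code from the original post or from the Tor or Chromium projects): it reproduces the author's shell pipeline in Python (strip the PEM armour of the SubjectPublicKeyInfo, SHA-1 the DER, base64 the digest, prefix `sha1/`) and applies Chrome's rule that a chain passes when any one of its SPKIs matches a preloaded pin. The preloaded pin set and the three chain hashes are the values quoted in the mail; the RSA keys, `make_rsa_spki` (a minimal DER builder for test keys) and the hypothetical root/CA/leaf chain are constructed here so the block runs offline.

```python
import base64
import hashlib
import re

# Preloaded pins for www.torproject.org as printed by the chrome://net-internals/#hsts
# query quoted in the mail (values copied from the page).
PRELOADED_PINS = {
    "sha1/o5OZxATDsgmwgcIfIWIneMJ0jkw=",
    "sha1/gzF+YoVCU9bXeDGQ7JGQVumRueM=",
    "sha1/juNxSTv9UANmpC9kF5GKpmWNx3Y=",
    "sha1/lia43lPolzSPVIq34Dw57uYcLD8=",
    "sha1/rzEyQIKOh77j87n5bjWUNguXF8Y=",
}

# SPKI hashes the mail's author computed from the chain Chrome displayed (from the page).
CHAIN_PINS_FROM_MAIL = [
    "sha1/KfCQmMZXq8WLLNsf+vWpC5jgCfU=",  # www.torproject.org leaf
    "sha1/lfnXQ0sc5x3vQhHua+PA4CVvrZU=",  # DigiCert High Assurance CA-3
    "sha1/gzF+YoVCU9bXeDGQ7JGQVumRueM=",  # DigiCert root / cross-cert
]

PEM_RE = re.compile(r"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", re.S)


def _der(tag: int, body: bytes) -> bytes:
    """Minimal DER TLV encoder (definite length), enough for the sample keys."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def _der_int(v: int) -> bytes:
    # One spare byte so a leading 1 bit is not read as a negative INTEGER.
    return _der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))


def make_rsa_spki(modulus: int, exponent: int = 65537) -> bytes:
    """Build a DER SubjectPublicKeyInfo for an RSA key (rsaEncryption,
    OID 1.2.840.113549.1.1.1). Only used to construct sample keys offline."""
    rsa_public_key = _der(0x30, _der_int(modulus) + _der_int(exponent))
    algorithm = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d010101")) + _der(0x05, b""))
    return _der(0x30, algorithm + _der(0x03, b"\x00" + rsa_public_key))


def spki_to_pem(spki: bytes) -> str:
    """Wrap a DER SPKI the way `openssl x509 -pubkey -noout` prints it."""
    return "-----BEGIN PUBLIC KEY-----\n" + base64.encodebytes(spki).decode() + "-----END PUBLIC KEY-----\n"


def spki_pin_from_pem(pem: str) -> str:
    """The pin in net-internals form: strip the armour, base64-decode to the
    DER SubjectPublicKeyInfo, SHA-1 it, base64-encode the 20-byte digest."""
    m = PEM_RE.search(pem)
    if m is None:
        raise ValueError("no PUBLIC KEY block found")
    der_spki = base64.b64decode("".join(m.group(1).split()))
    return "sha1/" + base64.b64encode(hashlib.sha1(der_spki).digest()).decode()


def chain_satisfies_pins(chain_pems, pins) -> bool:
    """Chrome's rule: the chain is accepted when at least one SPKI anywhere in it
    (leaf, intermediate or root) matches a preloaded pin."""
    return bool({spki_pin_from_pem(p) for p in chain_pems} & set(pins))


def matching_pins(chain_pins, pins):
    """Which of the chain's pins appear in the preloaded set (sorted for stable output)."""
    return sorted(set(chain_pins) & set(pins))


# Constructed sample keys (tiny moduli, not real keys): a hypothetical root,
# intermediate and leaf, plus an unrelated key standing in for an unpinned chain.
ROOT_PEM = spki_to_pem(make_rsa_spki(0xC0FFEE_0000_0000_0000_0000_0000_0000_0001))
CA_PEM = spki_to_pem(make_rsa_spki(0xDEADBEEF_0000_0000_0000_0000_0000_0000_0001))
LEAF_PEM = spki_to_pem(make_rsa_spki(0xFEEDFACE_0000_0000_0000_0000_0000_0000_0001))
OTHER_PEM = spki_to_pem(make_rsa_spki(0xBADC0DE_0000_0000_0000_0000_0000_0000_0001))

# Hypothetical preload set: the page's real pins plus the pin of the constructed root.
SAMPLE_PINS = PRELOADED_PINS | {spki_pin_from_pem(ROOT_PEM)}

if __name__ == "__main__":
    print("pins from the mail that Chrome preloads:", matching_pins(CHAIN_PINS_FROM_MAIL, PRELOADED_PINS))
    print("constructed chain with pinned root:", chain_satisfies_pins([LEAF_PEM, CA_PEM, ROOT_PEM], SAMPLE_PINS))
    print("constructed chain without pinned key:", chain_satisfies_pins([LEAF_PEM, CA_PEM, OTHER_PEM], SAMPLE_PINS))
```

Running it against the values in the mail confirms the author's conclusion: only the DigiCert root pin (`gzF+...`) is in the preloaded set, which is enough for the pin check to pass, so a pin mismatch would not explain the -207 (CERT_INVALID) error; the pin check only runs once the chain itself has validated.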